-
Notifications
You must be signed in to change notification settings - Fork 552
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CORE-33: Hooked OpenSSL context service into app #17214
CORE-33: Hooked OpenSSL context service into app #17214
Conversation
/dt |
1 similar comment
/dt |
new failures in https://buildkite.com/redpanda/redpanda/builds/46513#018e5d9a-e4be-4aa4-bb38-e37205dd29bf:
|
8608feb
to
abf6e36
Compare
/dt |
ducktape was retried in https://buildkite.com/redpanda/redpanda/builds/46537#018e5f26-74e2-4635-8ed0-a48d4ddc3b39 ducktape was retried in https://buildkite.com/redpanda/redpanda/builds/46537#018e5f26-74de-4147-81d9-bdca73793b86 ducktape was retried in https://buildkite.com/redpanda/redpanda/builds/46537#018e5f39-137f-46c7-877e-5c1e4ee22085 ducktape was retried in https://buildkite.com/redpanda/redpanda/builds/46621#018e66ee-b709-4380-b661-ac9f4b292a8a ducktape was retried in https://buildkite.com/redpanda/redpanda/builds/46637#018e6802-5965-4761-a07c-25994c2e1d2d ducktape was retried in https://buildkite.com/redpanda/redpanda/builds/46668#018e6c91-cd38-4ce9-bdc6-ae071a0f1e0c ducktape was retried in https://buildkite.com/redpanda/redpanda/builds/46668#018e6c91-cd31-4901-80a3-92b1ab498076 |
abf6e36
to
e346eb8
Compare
/dt |
e346eb8
to
769fb45
Compare
/dt |
Cluster fixture tests appear to start multiple Redpanda instances on the same thread. This was resulting in an assertion during service shutdown because the replaced context was not the expected one (it was replaced by startup of the service on the same thread). A new environment variable has been added to the CTest environment when running a fixture test. The short circuit now detects if the global default context is the current context and if it is not, will exit the start up of the service if the environment is an RP fixture environment, as denoted by the added environmental variable. Signed-off-by: Michael Boquard <michael@redpanda.com>
Construction and start of service is very early in application startup to ensure that any services that require crypto are using the appropriate thread local library context and that the contexts have been initialized appropriately. Signed-off-by: Michael Boquard <michael@redpanda.com>
769fb45
to
9018835
Compare
/dt |
/dt |
if (in_rp_fixture_test()) { | ||
lg.warn( | ||
"Detected RP Fixture test, not initializing OSSL Context service"); | ||
return ss::make_ready_future(); | ||
} else { | ||
return _impl->start(); | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
question: Does this mean that the default context is used in fixture tests? What's the implication of that? What are we not testing, are we sure it's limited to not blocking the reactor during I/O?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this mean that the default context is used in fixture tests?
yes
What's the implication of that? What are we not testing, are we sure it's limited to not blocking the reactor during I/O?
We wouldn't be able to run OpenSSL in FIPS mode in fixture tests, however CDT tests and unit tests will be able to. I believe I/O, if there is any, will be limited to initialization of the OpenSSL library which would only happen once at the start of the testing application and not in between the different test cases.
Construction and start of service is very early in application startup to ensure that any services that require crypto are using the appropriate thread local library context and that the contexts have been initialized appropriately.
Fixes: https://github.com/redpanda-data/core-internal/issues/1191
Backports Required
Release Notes